Password Attacks Lab - Hard

I’m really stuck here. I tried to crack Johanna’s password through RDP… but I always get the "connection failed to establish" problem.
Any help, please.

Have you tried to establish an RDP connection with Remmina?

Not yet… I’m brute-forcing for Johanna… but not getting anything.

Hey guys,
Just wanted to put a few notes here.
First, for SMB download / upload there is the possibility of using recurse and mget / mput.
It makes those tasks easier.
Second, I wanted to ask if someone can share how to mount BitLocker files in Linux.
Having no Windows myself, I had to use my friend’s :sweat_smile:
I did some research but couldn’t find a decent answer. Dislocker seems to be an option but lacks good documentation.

I think this will help you…
but for me, I had to transfer the file to my Windows VM, then unlock it and transfer the files on the disk back to my Linux system.

Stuck on the hard lab now too, if anyone out there has any tips or clues. I’ve been brute-forcing Johanna using hydra rdp. It’s been giving me different passwords for Johanna. None of them seem to work. Guess there are false positives from the hydra rdp module?

You can use crackmapexec instead of hydra.

OK, I’ll switch tools up and try that.

Stuck in the lab. I managed to open KeePass and get D.'s password but it won’t let me RDP or evil-winrm. Am I missing something?

Try enumerating SMB with D.'s creds with a tool like smbclient. There’ll be a BitLocker backup file that you’ll need to extract hashes from and crack to get to the next stage of the lab.


this is a good link for the backup file


Hey @UDrinkincoffee - thanks so much for your help on the last one… how did you extract the H**** from the S** file!!! Really stuck again, any assistance would be amazing. I don’t think they’ve shown us how to do it in HTB.

Ah, never mind, I’ve got it now. I can’t wait for this module to be over!


LOLz I feel ya dude. I felt the same way. Good stuff though.

@cheekychimp let’s keep the fire burning

Hey, any hint on how to get the file over to the attack box? I tried with smbserver but it is not allowed… and I cannot log in as the other user with evil-winrm.

I think the lab box is internet connected. Upload the file to the internet somewhere, then download it to your attack box for cracking. A good service to do this is

Try using a Python upload server; this helped me on this part of the lab.

What can I do after finding Johanna’s password? I screwed up, don’t know what to do. There is a .kdbx file I literally cannot crack, fvck I’m tired.

